It has become the bane of many office workers’ existences: being forced to use complicated and difficult-to-remember passwords laden with random numbers and symbols.
But the man who originally came up with the rules on safe passwords has admitted that his guidance was totally wrong, 14 years after it was first published.
Bill Burr wrote what has become the “bible” on password security in 2003 while working for the US government. It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief that they would be more difficult to guess.
His work is now responsible for offices and websites forcing people to adopt tortuous phrases such as “P@55w0rd” or “Football123” to satisfy password forms, as well as IT departments demanding that workers create a new one every 90 days.
But instead of improving security, the rules made systems less secure in practice: users coped by reusing the same password everywhere, by recycling it with minor changes, or by writing it on post-it notes stuck to their screens.
Nor do the added numbers and symbols do much against real password-cracking attacks. A pure "brute force" attack, in which a computer cycles through every possible combination of characters, is the slow case; cracking tools instead start from dictionaries of common words and leaked passwords and apply the predictable substitutions people actually make (an "a" becomes "@", an "s" becomes "5", a "1" or "!" goes on the end), so a short "complex" password built that way falls almost immediately.
“Much of what I did I now regret,” Mr Burr, who is now retired, told the ‘Wall Street Journal’. “In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree.”
He added the advice to regularly change passwords was mistaken, since most people end up altering one character, such as changing from “username1” to “username2”, which does little to stop hackers. In 2015, GCHQ advised companies to stop resetting passwords.
The original password guidelines from America's National Institute of Standards and Technology (NIST), written by Mr Burr, have been updated to do away with the old rules: the revised guidance drops mandatory composition rules and periodic expiry, and instead asks that passwords be checked against lists of known-compromised and commonly used values.
They now advise people use long but easy-to-remember “passphrases”, a sequence of words that do not need to feature special characters or numbers. Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, compared to one minute for “P@55w0rd”.
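The contrast the article draws can be made concrete. The short script below is an added illustration, not code from the article or from NIST: it checks both passwords against a 2003-style composition rule and against a length-plus-blocklist rule in the spirit of the revised guidance, shows that a small dictionary with "leet" substitution rules recovers "P@55w0rd" and "Football123" within a couple of thousand guesses while the passphrase is never found, and estimates exhaustive brute-force cost for each. The guess rate, the mini wordlist and the substitution table are assumptions standing in for what a real cracking tool ships with.

```python
"""Added example: composition rules vs. guessability.

Assumptions (not from the article): a guess rate of 1e12/s, a six-word
stand-in wordlist, and a five-entry leet substitution table.
"""
import itertools
import math
import string

GUESS_RATE = 1e12  # assumed botnet throughput, guesses per second

# Constructed stand-ins for a cracking wordlist and its mangling rules.
WORDLIST = ["password", "football", "letmein", "welcome", "monkey", "horse"]
LEET = {"a": "@", "s": "5", "o": "0", "e": "3", "i": "1"}
SUFFIXES = ["", "1", "123", "!"]


def composition_rule_ok(pw):
    """2003-style rule: 8+ chars with an upper-case letter, a digit and a
    symbol. It says nothing about whether the password is guessable."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def rule_based_guesses(words=WORDLIST):
    """Expand each dictionary word the way a cracker's rules do: optional
    capitalisation, every subset of leet substitutions, then a common
    suffix. Yields in a fixed order so attempts can be counted."""
    for word in words:
        for base in (word, word.capitalize()):
            for n in range(len(LEET) + 1):
                for subset in itertools.combinations(LEET, n):
                    guess = base
                    for ch in subset:
                        guess = guess.replace(ch, LEET[ch])
                    for suffix in SUFFIXES:
                        yield guess + suffix


def guesses_until_found(pw):
    """Number of rule-based guesses needed to hit pw, or None if the
    wordlist plus rules never produce it."""
    for i, guess in enumerate(rule_based_guesses(), start=1):
        if guess == pw:
            return i
    return None


def charset_size(pw):
    """Alphabet size an attacker must cover to exhaust strings shaped
    like pw: the union of the character classes it uses."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def entropy_bits(pw):
    """Bits of search space for an exhaustive attack on pw's shape."""
    return len(pw) * math.log2(charset_size(pw))


def brute_force_seconds(pw, rate=GUESS_RATE):
    """Worst-case time to exhaust every string of pw's length over its
    character classes at the assumed guess rate."""
    return charset_size(pw) ** len(pw) / rate


def nist_style_ok(pw, min_len=8, max_len=64):
    """In the spirit of the revised guidance: judge by length and by a
    blocklist of known/guessable values, with no composition rule. Here
    the blocklist is whatever the dictionary-plus-rules attack produces."""
    if not (min_len <= len(pw) <= max_len):
        return False
    return guesses_until_found(pw) is None


if __name__ == "__main__":
    for pw in ("P@55w0rd", "Football123", "horsecarrotsaddlestable"):
        print(f"{pw!r}: composition rule {composition_rule_ok(pw)}, "
              f"NIST-style {nist_style_ok(pw)}, "
              f"dictionary+rules hit after {guesses_until_found(pw)} guesses, "
              f"{entropy_bits(pw):.1f} bits, brute force "
              f"{brute_force_seconds(pw) / 31_557_600:.3g} years")
```

Two things stand out when it runs. "P@55w0rd" passes the composition rule yet is produced by the third mangling of the very first dictionary word, so a cracker needs on the order of a hundred guesses rather than the 94^8 that its character mix suggests; the passphrase fails the composition rule, is never produced by the rules, and costs 26^23 guesses to exhaust, about 10^16 times more than the "complex" one. The blocklist check is also where a real deployment does its work: swap the toy `rule_based_guesses` for a lookup against a breach corpus or a service such as a compromised-credential API.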
Article Source: http://tinyurl.com/kbwqb42